.png)
KUALA LUMPUR – Less than a year since the MyIdentity data leak, several local technology news sites are reporting that a group of hackers have now claimed to have personal details of 22.5 million Malaysians stolen from the National Registration Department (NRD).
A website known as Amanz reported that the details leaked are MyKad numbers, names, dates of birth, home addresses, gender, and registered phone numbers belonging to those born between 1940 and 2004.
The hackers are said to be looking to sell the data for US$10,000 (RM43,870) in bitcoin, while it is yet to be ascertained if NRD is aware of the leak.
Meanwhile, tech site lowyat.net reported that the search for the sale was listed in a “well-known database marketplace” rather than the dark web, which makes it easier to access.
To entice buyers, the seller posted personal details of Home Minister Datuk Seri Hamzah Zainudin along with the sale listing to “prove” the ownership of the 160GB dataset that even contains photographs used in MyKads.
SoyaCincau then reported that a few weeks prior, the same seller claimed to have a database of 802,259 Malaysians obtained from the Election Commission’s (EC) voter registration page.
The seller reportedly has “electronic Know Your Customer (eKYC) images of people taking selfies while holding their IC” – which is used by the EC for verification purposes – and is willing to part with the 67GB dataset for US$2,000.
Last September, leaked MyIdentity data was being sold online for 0.2 bitcoin (about RM35,000 then) with the seller alleging that the dataset had four million entries obtained from the MyIdentity API through the Inland Revenue Board (IRB) website.
However, IRB denied it was the source of the leak as it was not the owner of the MyIdentity system, and that an investigation would be carried out with the NRD, National Cyber Security Agency, and National Security Council.
Later, Hamzah said in a statement that his ministry would ensure that personal data held by the NRD was secure. – The Vibes, May 18, 2022
